233 matches found
EMC Secure Remote Services Virtual Edition multiple security vulnerabilities
Code execution, SQL injection, buffer overflow...
Design/Logic Flaw
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value...
CVE-2015-0543
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2015-0544
EMC Secure Remote Services Virtual Edition (ESRS VE) before 3.06 is affected by insufficient randomness in session cookie generation, enabling potential session hijacking. Affected versions include ESRS VE 3.02–3.04; EMC released 3.06 to address this issue. The vulnerability is documented as a hi...
CVE-2015-0544
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value...
ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities
ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities. CVE Identifier: CVE-2015-0543, CVE-2015-0544. Severity Rating: CVSS v2 Base Score: See below for individual scores for each CVE. Affected products: • ESRS...
EMC Secure Remote Services Virtual Edition Unauthorized Access Vulnerability
EMC Secure Remote Services Virtual Edition is the virtual edition of the Remote Services software that provides two-way remote connectivity between EMC customer service and end-user EMC products and solutions. EMC Secure Remote Services Virtual Edition system to create a session COOKIE is not...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request...
Dell SonicWALL Secure Remote Access Products CVE-2015-2248 Cross Site Request Forgery Vulnerability
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request...
CVE-2015-2248
Dell SonicWALL Secure Remote Access (SRA) appliances are affected by CVE-2015-2248 (CSRF in the user portal) affecting firmware prior to 7.5.1.0-38sv and 8.x prior to 8.0.0.1-16sv. The vulnerability enables an attacker to hijack a logged-in user’s authentication to create bookmarks via a crafted ...
EMC Secure Remote Services Virtual Edition Command Injection Vulnerability
EMC Secure Remote Services Virtual Edition (ESRS VE) is a suite of Remote Services Virtual Edition software from EMC Corporation used to provide bi-directional remote connectivity between EMC customer service and end-user EMC products and solutions. A command injection vulnerability exists in EMC...
Command injection vulnerability in EMC Secure Remote Services Virtual Edition
Command injection vulnerability in EMC Secure Remote Services Virtual Edition. Han Sahin, November 2014...
EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection
EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection. Han Sahin, November 2014...
EMC Secure Remote Services Virtual Edition Command Injection
Command injection vulnerability in EMC Secure Remote Services Virtual Edition. Han Sahin, November 2014...
EMC Secure Remote Services Virtual Edition SQL Injection Vulnerability
An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself...
ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities
ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities. CVE Identifier: CVE-2015-0235, CVE-2015-0524, CVE-2015-0525. Severity Rating: CVSSv2 Base Score: See below for individual scores for each CVE. Affected...
EMC Secure Remote Services Virtual Edition Gateway Provisioning Service Operating System Command Injection Vulnerability
EMC Secure Remote Services Virtual Edition (ESRS VE) is a suite of EMC Secure Remote Services Virtual Edition software used to provide bi-directional remote connectivity between EMC customer service and end-user EMC products and solutions. A security vulnerability exists in the Gateway Provisioning...
CVE-2015-0525
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors...